With dozens of mobile apps installed on a device, data privacy has become an integral part of digital security. Even the highest-rated apps have been found to have shared data with its partners. In Singapore, Muslim Pro, a prayer tracking app with nearly 100 million downloads, has come under the scanner for allegedly selling location data to the U.S. military. It is now facing an investigation by the city-state's regulatory body Personal Data Protection Commission (PDPC).
It all started with an investigation by Motherboard, a news outlet that found that the U.S. military was buying location data from app developers via third-party brokers. Muslim Pro was just one of the apps but with a significant user base spreading across 216 nations. It shared data with X-Mode, a broker whose customers included the U.S. military. The data included phone models, timestamps and the Wi-Fi network names that the phone connected to.
Bitsmedia, the company behind the app, said that the reports of selling data were "untrue" and that only anonymized data was shared with its partners. However, following reports, the company said it cut its ties with X-Mode.
Why Is It Important?
Over the last two decades, the U.S. military has been known to target Muslim terror groups and getting access to location data is an important counter-intelligence method. While Bitsmedia said that the data was anonymized and didn't include personal information such as name, phone number and email address, another third-party broker, Babel Street told Motherboard that it could be deanonymized.
"We apply industry-standard security arrangements and protective measures and select leading technology partners to keep our data safe and secure on our cloud infrastructure. We have also been open and transparent about the personal information we collect, store, and process," Bitsmedia said in a statement.
In its defense, the company said that users did not need to sign up to access the app's feature, meaning that information was anonymized. But the app needs access to GPS to accurately tell the users' prayer times. Following the allegations, PDPA will be looking into the claims. If Bitsmedia is found to have breached the regulation which was amended earlier this year, the company will have to pay 10 percent of its annual turnover or S$1 million, whichever is higher. It can also face additional scrutiny from European regulators under the General Data Protection Regulation (GDPR) which can attract a heavier fine.
"Organisations with mobile applications available to Singapore users must comply with the data protection requirements of the Personal Data Protection Act (PDPA). We remind users to also be mindful of the type of permissions and personal data that they provide and how it may be used. If in doubt, users should not download or use any application," a spokesperson told Today.
MuslimPro Faces Backlash
Following the revelations, users expressed their dismay on social media platforms. Many users left a one-star rating on the review page of Google Play Store. One user said that he was "very disappointed" with the app's data transparency. On Twitter, many expressed their dismay regarding continuous scrutiny on the Muslim population.
"True, apps have long been selling users' data to third parties since the discovery of smartphones. However, in the case of MuslimPro which is patronized by millions of the very people who are most vulnerable to be cataloged as terrorists, the betrayal seems to be far deeper," one user said on Twitter.